Bug 970633 - (CVE-2016-3116) VUL-0: CVE-2016-3116: dropbear: Validate X11 forwarding input. Could allow bypass of authorized_keyscommand= restrictions, found by...
(CVE-2016-3116)
VUL-0: CVE-2016-3116: dropbear: Validate X11 forwarding input. Could allow by...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.1
: P3 - Medium : Normal
: ---
Assigned To: Tim Hardeck
Security Team bot
https://smash.suse.de/issue/163055/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-11 08:17 UTC by Victor Pereira
Modified: 2016-03-24 14:12 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-03-11 08:17:25 UTC
CVE-2016-3116

- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
  found by github.com/tintinweb. Thanks for Damien Miller for a patch.

References:
https://matt.ucc.asn.au/dropbear/CHANGES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3116
http://seclists.org/oss-sec/2016/q1/593
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3116.html
Comment 1 Swamp Workflow Management 2016-03-11 23:00:21 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-03-14 09:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (970633) was mentioned in
https://build.opensuse.org/request/show/371343 13.2 / dropbear
https://build.opensuse.org/request/show/371346 42.1 / dropbear
Comment 3 Bernhard Wiedemann 2016-03-14 10:00:19 UTC
This is an autogenerated message for OBS integration:
This bug (970633) was mentioned in
https://build.opensuse.org/request/show/372675 13.1 / dropbear
Comment 4 Marcus Meissner 2016-03-24 10:44:33 UTC
released
Comment 5 Swamp Workflow Management 2016-03-24 14:08:29 UTC
openSUSE-SU-2016:0874-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 970633
CVE References: CVE-2016-3116
Sources used:
openSUSE 13.1 (src):    dropbear-2016.72-2.7.1
Comment 6 Swamp Workflow Management 2016-03-24 14:12:28 UTC
openSUSE-SU-2016:0882-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 970633
CVE References: CVE-2016-3116
Sources used:
openSUSE Leap 42.1 (src):    dropbear-2016.72-8.1
openSUSE 13.2 (src):    dropbear-2016.72-2.3.1